DNSCrypt Encrypts Your DNS Traffic Because There’s Always Someone Out To Get You

We’ve talked about OpenDNS quite a bit over the years, noting that these guys know what geeks like: free, fast DNS lookups that smooth out the Internet’s rough edges and shave seconds off of many web tasks. Now OpenDNS is offering DNSCrypt, a service that completely encrypts your DNS sessions, ensuring that evil ha><0rZ can't see where you're headed on the web. The service also prevents man-in-the-middle DNS attacks. The service also automatically enables OpenDNS on your machine, thereby killing multiple birds with one multi-megabyte OS extension.

What does it do? Basically DNSCrypt wraps your DNS conversation in an SSL wrapper. Considering most DNS sessions are plaintext, this a huge deal. They've even made the source code available for free here so that independent security experts can test their claims.

From the website:

In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don’t work in the security world, however, so we’ve opened up the source to our DNSCrypt code base and it’s available on GitHub (ed: not yet posted).

DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.

The system has automatic failover to an unsecured state and can prevent folks from snooping on your DNS calls in a coffee shop or unsecured cyber cafe. Sadly, it’s not a full proxy so it won’t hide your browsing habits from local censors.

It’s available now for the Mac, and Linux/Windows versions are forthcoming.